BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//CERN//INDICO//EN
BEGIN:VEVENT
SUMMARY:Testing Most Authoritative Servers for Conformance
DTSTART;VALUE=DATE-TIME:20160331T183000Z
DTEND;VALUE=DATE-TIME:20160331T190000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-313@indico.dns-oarc.net
DESCRIPTION:Speakers: Paul Hoffman (ICANN)\nICANN has recently begun testi
ng live authoritative servers for conformance to the DNS protocols\, parti
cularly for TCP and EDNS(0) compliance. We do this by collecting registere
d names from the zone files of all gTLDs\, as well as a representative sam
pling of names registered in the ccTLDs. This paper shows the test methodo
logy\, the levels of compliance found\, and suggests avenues for further t
esting.\n\nhttps://indico.dns-oarc.net/event/22/contributions/313/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/313/
END:VEVENT
BEGIN:VEVENT
SUMMARY:ENTRADA: The Impact of a TTL Change at the TLD-level
DTSTART;VALUE=DATE-TIME:20160331T170000Z
DTEND;VALUE=DATE-TIME:20160331T173000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-314@indico.dns-oarc.net
DESCRIPTION:Speakers: M Wullink (SIDN)\nSIDN\, the registry for the .nl cc
TLD\, managing 5\,6 million .nl domain names\, has recently made significa
nt changes to its zone file publication policy:\n\n- A new zone file is no
w available every hour\, instead of every 2 hours.\n- The delegation TTL v
alue has been decreased to match the new publishing interval.\n- The SOA m
inimum TTL value has been decreased from 900 to 600 seconds.\n\nWe used EN
TRADA to analyse the impact of these changes on:\n\n- Overall DNS traffic\
n- Specific query types\n- Specific domain name types (popular\, unpopular
\, nxdomain)\n\nThis presentation will show the results of this work.\nWe
are also pleased to announce that ENTRADA is now available as open source
project.\n\n----------\n\n### ENTRADA\n\n[ENTRADA][1] (ENhanced Top-level
Domain Resilience through Advanced Data Analysis) is a DNS big data platfo
rm built on top of Hadoop\, we use it at SIDN Labs for analysing over 100
billion DNS queries. Each day ~400 million new queries are added.\n\n\n [
1]: http://entrada.sidnlabs.nl/\n\nhttps://indico.dns-oarc.net/event/22/co
ntributions/314/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/314/
END:VEVENT
BEGIN:VEVENT
SUMMARY:The Quest for the Missing Keytags
DTSTART;VALUE=DATE-TIME:20160401T143000Z
DTEND;VALUE=DATE-TIME:20160401T150000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-315@indico.dns-oarc.net
DESCRIPTION:Speakers: Roy Arends (ICANN)\nIn an effort to create all possi
ble 64K keytags for a DNSSEC signing key\, an anomaly surfaced that caused
75% of the possible keytags to never appear.\n\nThis effort to generate c
ertain cryptographic keys became an adventure in itself that included beau
tiful discrete math\, flawed functions\, carefully crafted primes\, multip
le cryptographic libraries\, and some brilliant people.\n\nThe result of t
his effort shows that using an ancient checksum function to identify crypt
ographic keys is not optimal.\n\nhttps://indico.dns-oarc.net/event/22/cont
ributions/315/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/315/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Continuous Data-driven Analysis of Root Server System Stability
DTSTART;VALUE=DATE-TIME:20160331T173000Z
DTEND;VALUE=DATE-TIME:20160331T180000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-316@indico.dns-oarc.net
DESCRIPTION:Speakers: Bart Gijsen (TNO)\nAt the end of 2015 the Continuous
Data-driven Analysis of Root Server System Stability (CDAR)[1] study was
started by the consortium partners NLnet Labs\, SIDN and TNO. The objecti
ve of the CDAR study is to analyze the technical impact of the introductio
n of New gTLDs in the root zone on the stability and security of the root
server system.\n\nWith this in mind\, we engaged in the collection and ana
lyses of a large variety of measurement data sets (RIPE Atlas measurements
\, RIPE DNSMON\, RSSAC002\, DITL\, and others). The project aims at answ
ering the question if the growth on the root zone files impact\, in any me
asurable way\, the operational stability of the root DNS system.\n\nIn thi
s presentation\, the CDAR team will discuss with the community our first r
esults on the analysis of the measurement data\, as well the data collecti
on and analysis methods used to observe the technical impact of New gTLD p
rogram. In specific\, we will present a (i) characterization of the Root
DNS traffic\, an (ii) analysis of RSSAC002 data and TLD domain statistic t
o describe the impact of new gTLDs\, and (iii) the impact of fluctuations
in the query rates at the Root on DNS stability. (For the latter\, we can
use data of the late root DDoS attacks [2] and analyse the combined data
of RIPE Atlas\, DNSMON and RSSAC002 data.)\n\nA second type of assessment
s focusses on the correctness of DNS data and its impact on the Root stabi
lity and security. Results will be presented from continuous\, valid/brok
en DNSSEC chain validations between the Root and (New g)TLDs\, amongst oth
ers.\n\nBy sharing the current CDAR results we contribute to building on p
revious results from the DNS-OARC community and we enable the community to
reflect on the study results.\n\n[1] http://cdar.nl \n[2] http://root-ser
vers.org/news/events-of-20151130.txt\n\nhttps://indico.dns-oarc.net/event/
22/contributions/316/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/316/
END:VEVENT
BEGIN:VEVENT
SUMMARY:COM/Net Anycast Changes
DTSTART;VALUE=DATE-TIME:20160401T182500Z
DTEND;VALUE=DATE-TIME:20160401T183000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-317@indico.dns-oarc.net
DESCRIPTION:Speakers: Matt Weinberg (Verisign)\nhttps://indico.dns-oarc.ne
t/event/22/contributions/317/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/317/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Knot DNS Resolver
DTSTART;VALUE=DATE-TIME:20160401T120000Z
DTEND;VALUE=DATE-TIME:20160401T123000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-318@indico.dns-oarc.net
DESCRIPTION:Speakers: Ondrej Sury (CZ.NIC)\nKnot DNS Resolver is a new CZ.
NIC project that builds a fully DNSSEC-validating DNS resolver. But it's
more: it's a powerful platform for building resolver service due to its extens
ibility via modules and configuration in Lua.\n\nhttps://indico.dns-oarc.n
et/event/22/contributions/318/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/318/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Rolling the Root Key
DTSTART;VALUE=DATE-TIME:20160401T190000Z
DTEND;VALUE=DATE-TIME:20160401T193000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-320@indico.dns-oarc.net
DESCRIPTION:Speakers: Geoff Huston (APNIC)\nThis is a report of one member
's perspectives on the work of the Root Key Roll Design Team\, looking at
the various operational tradeoffs that were involved in preparing the plan
to roll the root key. I would also like to make some comments on the stat
e of standards and implementations of resolvers and the lack of clear stan
dard specifications about how to signal a key roll. Where possible I will
illustrate the considerations with measurement data about the behaviour of
resolvers that query authoritative name servers.\n\nhttps://indico.dns-oa
rc.net/event/22/contributions/320/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/320/
END:VEVENT
BEGIN:VEVENT
SUMMARY:State of the "DNS privacy" project: running code
DTSTART;VALUE=DATE-TIME:20160331T190000Z
DTEND;VALUE=DATE-TIME:20160331T193000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-321@indico.dns-oarc.net
DESCRIPTION:Speakers: Stéphane Bortzmeyer (AFNIC)\nThe "DNS privacy" proj
ect started at the IETF meeting in Vancouver a few months after the Snowde
n revelations. What is its current state? A problem statement has been pub
lished\, RFC 7626. Two directions are followed: QNAME minimisation\, to de
crease the amount of data sent to the name servers. And encryption\, to pr
event a sniffer to get the data.\n\nThis talk will present the state of st
andardisation (it is possible that all the RFC are published before the me
eting) and will demo the running code: QNAME minimisation in Unbound and K
not\, and how does it work with broken name servers (such as those sending
NXDOMAIN for an ENT)\, and DNS over TLS.\n\nhttps://indico.dns-oarc.net/e
vent/22/contributions/321/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/321/
END:VEVENT
BEGIN:VEVENT
SUMMARY:DNS Secondary service for customers\, evolution and "meta-slave"
DTSTART;VALUE=DATE-TIME:20160401T173000Z
DTEND;VALUE=DATE-TIME:20160401T175000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-322@indico.dns-oarc.net
DESCRIPTION:Speakers: Diaz Marco (NIC Chile)\nNIC Chile\, .CL ccTLD regist
ry\, started to offer a secondary name service to its customers as a way t
o improve the overall internet robustness in Chile more than 10 years ago.
We are going to show the evolution of a free of charge service from an un
icast ip server to an anycast cloud\, and using a sort of "meta-slave" dae
mon for provisioning the nodes.\n\nhttps://indico.dns-oarc.net/event/22/co
ntributions/322/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/322/
END:VEVENT
BEGIN:VEVENT
SUMMARY:ECDSA - Reviewed
DTSTART;VALUE=DATE-TIME:20160401T175000Z
DTEND;VALUE=DATE-TIME:20160401T180500Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-323@indico.dns-oarc.net
DESCRIPTION:Speakers: Geoff Huston (APNIC)\nThis is intended to be an upda
te to an earlier presentation on the extent to which DNS resolvers are abl
e to perform validation on ECDSA-signed data\n\nhttps://indico.dns-oar
c.net/event/22/contributions/323/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/323/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Review and analysis of attack traffic against A-root and J-root on
November 30 and December 1\, 2015
DTSTART;VALUE=DATE-TIME:20160401T140000Z
DTEND;VALUE=DATE-TIME:20160401T143000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-324@indico.dns-oarc.net
DESCRIPTION:Speakers: Duane Wessels (Verisign)\, Matt Weinberg (Verisign)\
nOn November 30 and December 1\, 2015\, some of the Internet's Domain Name
System (DNS) root name servers received large amounts of anomalous traffi
c. The twelve root operators jointly published a report of the incident ([
http://www.root-servers.org/news/events-of-20151130.txt][1]). The event al
so generated spirited discussion and speculation on public mailing lists\,
website forums\, and blog postings.\n\nThis presentation will specificall
y cover Verisign's observations and analysis of the attack in operating bo
th A-root and J-root. Topics to be discussed include:\n\n - A recap of the
attack\, including an exact timeline of the event along with some specifi
cs of the traffic itself.\n - A brief discussion about any perceivable imp
act on A-root and J-root\, and the root as a whole.\n - Actions taken befo
re\, during\, and after the attack. What worked well? What could have been d
one better?\n - A video that visualizes the attack as a Hilbert Curve repr
esentation. This analysis clearly suggests that the source addresses were
spoofed.\n - Assumptions regarding the purpose of the attack (Hint: the at
tacker was not specifically targeting the root servers)\n\n\n [1]: http:/
/bit.ly/1TdUJyN\n\nhttps://indico.dns-oarc.net/event/22/contributions/324/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/324/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Multi-vantage point DNS Diagnostics and Measurement
DTSTART;VALUE=DATE-TIME:20160401T130000Z
DTEND;VALUE=DATE-TIME:20160401T133000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-325@indico.dns-oarc.net
DESCRIPTION:Speakers: Casey Deccio (Verisign Labs)\nThe ability to measure
network and server behaviors from different network vantage points is imp
ortant for understanding the general health of a network ecosystem. There
are various platforms\, frameworks\, and APIs designed and built to accom
modate this need. In this talk we discuss a new DNS looking glass framewo
rk designed for low-overhead deployment and great flexibility\, and availa
ble for use with the DNSViz measurement tool. Recursive and authoritative
inspection are both supported\, via direct\, client-based\, or HTTP-proxy
-based looking glass perspectives.\n\nhttps://indico.dns-oarc.net/event/22
/contributions/325/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/325/
END:VEVENT
BEGIN:VEVENT
SUMMARY:AAAA Deep Dive: DNS Resolution Anomalies and Performance across a
Huge Data Set
DTSTART;VALUE=DATE-TIME:20160331T163000Z
DTEND;VALUE=DATE-TIME:20160331T170000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-326@indico.dns-oarc.net
DESCRIPTION:Speakers: Ralf Weber (Nominum Inc)\nMuch has been written abou
t IPv6 adoption and its performance. One thing that has not been explored
is how IPv6 DNS resolution contributes to overall user experience. What i
mpact does transport\, authoritative server configuration and other factor
s have on the “long tail” of domains queried over IPv6? This talk will
present experimental results using a data set of approximately 35 million
unique names and query types\, extracted from production resolvers around
the world. This data will feed dnsperf\, a widely used utility for evalu
ating DNS performance\, to query resolvers set up in the following ways: I
Pv4 only\, IPv6 only\, & prefer IPv6\, all with EDNS0 on by default\, alon
g with a control server with EDNS0 off. Differences in resolution perform
ance will be evaluated and presented for each of the resolvers.\n\nhttps:/
/indico.dns-oarc.net/event/22/contributions/326/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/326/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Deckard -- Integration Testing of DNS Servers
DTSTART;VALUE=DATE-TIME:20160401T170000Z
DTEND;VALUE=DATE-TIME:20160401T173000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-327@indico.dns-oarc.net
DESCRIPTION:Speakers: Ondrej Sury (CZ.NIC)\nA generic testing framework wa
s produced as a part of developing the Knot Resolver. This framework is wr
itten in python and can use UNIX domain sockets to bypass the underlying p
hysical network and fake time using libfaketime. Apart from short introdu
ction I will show the audience some real-life scenarios for testing the re
cursive and authoritative DNS servers and how to integrate Deckard into yo
ur own testing platform - this is important both for vendors and for peopl
e deploying new versions of servers into production.\n\nhttps://indico.dns
-oarc.net/event/22/contributions/327/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/327/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Zombies
DTSTART;VALUE=DATE-TIME:20160401T181000Z
DTEND;VALUE=DATE-TIME:20160401T181500Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-328@indico.dns-oarc.net
DESCRIPTION:Speakers: Geoff Huston (APNIC)\nhttps://indico.dns-oarc.net/ev
ent/22/contributions/328/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/328/
END:VEVENT
BEGIN:VEVENT
SUMMARY:EDNS Compliance
DTSTART;VALUE=DATE-TIME:20160401T182000Z
DTEND;VALUE=DATE-TIME:20160401T182500Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-329@indico.dns-oarc.net
DESCRIPTION:Speakers: Mark Andrews (ISC)\nhttps://indico.dns-oarc.net/even
t/22/contributions/329/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/329/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Increasing the Root Zone ZSK Size
DTSTART;VALUE=DATE-TIME:20160401T150000Z
DTEND;VALUE=DATE-TIME:20160401T153000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-330@indico.dns-oarc.net
DESCRIPTION:Speakers: Duane Wessels (Verisign)\nVerisign\, in its role as
Root Zone Maintainer\, plans to increase the size of the root zone Zone Si
gning Key (ZSK) in 2016. The ZSK has been a 1024-bit RSASHA256 key since
the initial deployment of DNSSEC to the root zone in 2010. In the latter
half of 2016\, the ZSK size will be increased to 2048-bits.\n\nIn this pre
sentation we will outline the schedule for the change\, describe various t
echnical and non-technical details for implementing the change\, describe
how the change will affect root zone response sizes\, and our plans for em
ergency fallback to a 1024-bit in the unlikely event it should be necessar
y.\n\nhttps://indico.dns-oarc.net/event/22/contributions/330/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/330/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Real-Time Analytics of DNS packets
DTSTART;VALUE=DATE-TIME:20160331T143000Z
DTEND;VALUE=DATE-TIME:20160331T150000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-331@indico.dns-oarc.net
DESCRIPTION:Speakers: Javier Bustos-Jiménez (NIC Chile Research Labs (NIC
Labs). Universidad de Chile)\nIn OARC 22 (Amsterdam) we gave a lightning t
alk about the possibilities and prospects of using Apache Storm for real-t
ime analytics of DNS packets.\n\nNow\, after a year of work\, we are glad
to present RaTA-DNS\, our modular system for realtime analytics. RaTA-DNS
was designed as a set of self-contained modules aiming to an easy integra
tion with existing systems such as DSC and Hedgehog\, and new systems such
as SIDN Lab's ENTRADA.\n\nThe main components of our system are three: Fi
evel\, a packet monitor responsible for capturing network traffic and perf
orm a preliminary processing (for reducing the data rate in order to be tr
ansmitted to aggregators)\; Gopher\, which is responsible for aggregate th
e captured data received from multiple servers (Gopher was developed in Go
language instead using the Apache Storm framework for modularity reasons)
\; and Remy\, the dashboard (data visualisations)\, which is connected to
several Gopher modules to provide real time displays.\n\nThe idea is to pr
ovide a programmable framework for real-time monitoring of DNS. Thus\, Fie
vel has been developed as a scriptable module\, where preprocessing is pro
grammable and adaptable to the needs of different users\, producing a moni
toring system fully customisable. \n\nAdditionally\, as Fievel provides th
e tcp-replay function and Remy the play-pause-rewind functions\, RaTA-DNS
can be also seen as a very useful tool for forensic analysis of DNS traces
. \nActually\, RaTA-DNS is connected to 2 NIC Chile DNS servers\, processi
ng in a normal operations day around 1200 (queries-responses)/sec per serv
er\, and aggregating statistical information such as queries/sec\, non-rfc
-conformant queries (queries using underscores)\, top-K queries by source\
, destiny\, and geolocation. Further information can be seen in http://ra
tadns.niclabs.cl\n\nhttps://indico.dns-oarc.net/event/22/contributions/331
/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/331/
END:VEVENT
BEGIN:VEVENT
SUMMARY:QNAME minimisation in Unbound
DTSTART;VALUE=DATE-TIME:20160331T193000Z
DTEND;VALUE=DATE-TIME:20160331T200000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-332@indico.dns-oarc.net
DESCRIPTION:Speakers: Ralph Dolmans (NLnet Labs)\nData stored in the DNS i
s publicly visible. DNS transactions\, on the other hand\, contain privacy
sensitive information. The Snowden revelations about pervasive monitoring
are seen as a wake up call for the internet community to increase the foc
us on privacy protection. One of the privacy threat mitigation methods men
tioned in RFC6973\, is the principle of data minimisation[0]. The RFC stat
es that: "Reducing the amount of data exchanged reduces the amount of data
that can be misused or leaked.".\n\nOne of the new features in Unbound 1.
5.7 is the support of QNAME minimisation[1]. QNAME minimisation is a techn
ique to improve DNS privacy by limiting the amount of privacy sensitive da
ta exposed to authoritative nameservers. This is done by limiting the numb
er of labels in the QNAME sent to nameservers and by setting the QTYPE to
NS in order to hide the original QTYPE where possible.\n\nAlthough the pro
posed minimisation of the QNAME and using the NS QTYPE are not strictly fo
rbidden in the original DNS RFC\, not all nameservers handle these queries
the way they should. Common wrong responses are NXDOMAIN on empty-non-ter
minals and refusing queries with QTYPE=NS. Resolving when using QNAME mini
misation will fail on these broken nameservers. We suspect that operators
will not adopt QNAME minimisation when it is implemented according to the
specification. Unbound is shipped with an implementation that will resolve
queries "as usual" when broken nameservers are detected.\n\nQNAME minimis
ation can increase the number of queries sent to nameservers. This is most
notable when resolving in the ip6.arpa name space. To limit the number of
queries for reverse IPv6 lookups\, unbound increments the minimised QNAME
with 8 labels on each iteration when the original QNAME is a subdomain of
ip6.arpa.\n\nAn uncovered topic in the specification is QNAME minimisatio
n and forwarders. Because of the "best effort" approach\, there is no priv
acy enhancement when minimising queries to forwarders. Unbound does not mi
nimise queries sent to forwarders.\n\nThe most important reason to enable
QNAME minimisation is the improved privacy. There are\, however\, some oth
er benefits. One of them is that querying all intermediate domain names wi
ll result in a more precise negative cache. This improves both performance
and privacy. Although using a completely different technique\, QNAME mini
misation can lead to the same result as described in draft-wkumari-dnsop-c
heese-shop-00[2]. Namely reducing the amount of traffic to the root server
s.\n\n\n[0] - https://tools.ietf.org/html/rfc6973#section-6.1\n[1] - https
://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-09.\n[2] - http
s://tools.ietf.org/html/draft-wkumari-dnsop-cheese-shop-00\n\nhttps://indi
co.dns-oarc.net/event/22/contributions/332/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/332/
END:VEVENT
BEGIN:VEVENT
SUMMARY:OARC Status Update
DTSTART;VALUE=DATE-TIME:20160331T131000Z
DTEND;VALUE=DATE-TIME:20160331T133500Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-333@indico.dns-oarc.net
DESCRIPTION:Speakers: Keith Mitchell (DNS-OARC)\nIt has been another busy
6 months for the OARC Team. In particular\, we're well down the path of ex
ecuting a plan which will re-locate our primary infrastructure hosting sit
e to multiple new locations. We also have a new staff member recently join
ed as Software Engineer\, and are gearing up for our DITL2016 data gatheri
ng exercise shortly after the workshop.\n\nThis presentation will update O
ARC Members and the audience on these developments and OARC's 2016 budget
and fees.\n\nhttps://indico.dns-oarc.net/event/22/contributions/333/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/333/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Panel: DNSSEC algorithm flexibility
DTSTART;VALUE=DATE-TIME:20160401T200000Z
DTEND;VALUE=DATE-TIME:20160401T204500Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-334@indico.dns-oarc.net
DESCRIPTION:Speakers: Benno Overeinder (NLnet Labs)\, Dan York (Internet S
ociety)\, Evan Hunt (ISC)\, Jan Včelák (CZ.NIC)\, Ondrej Sury (CZ.NIC)\,
Paul Wouters (Redhat)\, Ralf Weber (Nominum Inc)\nThis is a proposal to h
ave a discussion panel with DNS vendors (ISC\, NlNetLabs\, PowerDNS\, CZ.N
IC\, Nominum\,\nMicrosoft) and people from operating systems and Linux dis
tros (Microsoft\, Debian\, Ubuntu\, RedHat\, SuSE) to come and discuss cha
llenges of introducing new and deprecating old DNS(SEC) algorithms.\n\nThe
proposed moderators are Dan York and Olaf Kolkman as neutral moderators.
Also invited to participate are large scale DNS resolver like Google DNS\,
and reaching for other operators as well.\n\nThe initial ideas to discuss
are:\n\n 1. The life cycles of upstream (DNS vendors)\;\n 2. The life cyc
le of downstream (linux distros' releases\, windows releases\, etc.)\;\n 3
. Experiences with customers' deployments\, etc.\n 4. Other ideas\n\nWe ar
e expecting a 45 to 60 minute slot to have enough time for discussion.\n\n
https://indico.dns-oarc.net/event/22/contributions/334/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/334/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Recent DDoS attacks against RIPE NCC's DNS servers
DTSTART;VALUE=DATE-TIME:20160331T133500Z
DTEND;VALUE=DATE-TIME:20160331T135000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-335@indico.dns-oarc.net
DESCRIPTION:Speakers: Anand Buddhdev (RIPE NCC)\nIn the last several weeks
\, the RIPE NCC's DNS infrastructure has experienced some DDoS events. In
this presentation\, I would like to talk about what we experienced\, and h
ow we tried to mitigate the attacks. I will talk about the nature of the a
ttacks\, and specifically what kind of methods and tools we used to try an
d defend our infrastructure.\n\nhttps://indico.dns-oarc.net/event/22/cont
ributions/335/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/335/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Algorithm roll-over experiences
DTSTART;VALUE=DATE-TIME:20160401T193000Z
DTEND;VALUE=DATE-TIME:20160401T200000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-336@indico.dns-oarc.net
DESCRIPTION:Speakers: Anand Buddhdev (RIPE NCC)\nAlgorithm roll-overs are
part of any security system\, because older algorithms lose their strength
\, and stronger and newer algorithms come along. At the RIPE NCC we recent
ly rolled our algorithm from SHA1 to SHA256. We had some interesting i
ssues\, and I'd like to talk about them\, especially as more people may wa
nt to consider rolling their algorithms now.\n\nAmongst these issues were
things like software support\, testing\, planning of the roll-over and tim
ing issues.\n\nhttps://indico.dns-oarc.net/event/22/contributions/336/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/336/
END:VEVENT
BEGIN:VEVENT
SUMMARY:RIPE Atlas and DNS
DTSTART;VALUE=DATE-TIME:20160401T182500Z
DTEND;VALUE=DATE-TIME:20160401T183000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-337@indico.dns-oarc.net
DESCRIPTION:Speakers: Stéphane Bortzmeyer (AFNIC)\nhttps://indico.dns-oar
c.net/event/22/contributions/337/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/337/
END:VEVENT
BEGIN:VEVENT
SUMMARY:DNS-Stats Collector Project
DTSTART;VALUE=DATE-TIME:20160401T181500Z
DTEND;VALUE=DATE-TIME:20160401T182000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-338@indico.dns-oarc.net
DESCRIPTION:Speakers: Sara Dickinson (Sinodun IT)\nhttps://indico.dns-oarc
.net/event/22/contributions/338/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/338/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Welcoming Remarks
DTSTART;VALUE=DATE-TIME:20160331T130000Z
DTEND;VALUE=DATE-TIME:20160331T131000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-340@indico.dns-oarc.net
DESCRIPTION:Speakers: Ondrej Filip (CZ.NIC)\nhttps://indico.dns-oarc.net/e
vent/22/contributions/340/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/340/
END:VEVENT
BEGIN:VEVENT
SUMMARY:How we are developing a next generation DNS API for applications
DTSTART;VALUE=DATE-TIME:20160331T140000Z
DTEND;VALUE=DATE-TIME:20160331T143000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-341@indico.dns-oarc.net
DESCRIPTION:Speakers: Sara Dickinson (Sinodun IT)\, Willem Toorop (NLnet L
abs)\nMany new and developing DNS features have emerged in recent years to
improve both the security and privacy of DNS ( e.g. DNSSEC/DANE and DNS-o
ver-TCP/TLS). A major reason for the lack of uptake and deployment of thes
e features by applications is that existing DNS APIs either do not support
the features or do not provide an application friendly interface. To solv
e this problem the getdns API was developed with the main goals of:\n\n -
Ease of use by application developers across a variety of languages \n - D
NS capabilities that most application developers might want now or in the
next few years\n\nWe present an implementation of the getdns API (verging
on production release) and discuss how it has evolved through close involv
ement with application developers and standards developments. This collabo
rative development model has also helped to identify practical and impleme
ntation specific roadblocks to real-world deployment particularly for DANE
and DNSSEC. As a result the API has been refined and the implementation p
rovides easy access to DNS data both directly in C and via a range of bind
ings including Python\, nodejs and Java. \n\nParticipation by the develop
ment team in multiple international hackathons has also demonstrated how t
he API enables rapid development of prototype implementations (including m
any DNS privacy related IETF drafts) with getdns proving a powerful resear
ch tool in these areas. \n\nIntegration of getdns into operating systems i
s also discussed\, as is the fact that by enabling new DNS features for cl
ient applications the API will create demand for upstream services which i
s of consideration to operators.\n\nhttps://indico.dns-oarc.net/event/22/c
ontributions/341/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/341/
END:VEVENT
BEGIN:VEVENT
SUMMARY:Threshold-Cryptography Distributed HSM
DTSTART;VALUE=DATE-TIME:20160401T123000Z
DTEND;VALUE=DATE-TIME:20160401T130000Z
DTSTAMP;VALUE=DATE-TIME:20190525T145151Z
UID:indico-contribution-22-342@indico.dns-oarc.net
DESCRIPTION:Speakers: Francisco Cifuentes (NIC Chile Research Labs)\nIn th
e 20th DNS-OARC workshop\, we showed a virtual HSM based on threshold cryp
tography. This system has the purpose to be used with OpenDNSSEC in order
to provide a low cost solution to DNS record signing automation. But that
system had a single point of failure: the key manager. Single points of fa
ilure are undesirable\, even more in a fault tolerant distributed system.
After a reengineering during the last year\, we solved this problem by imp
lementing the whole protocol within the PKCS #11 API. The communication no
w is done directly between the application that uses the system and the no
des\, without the need of any centralised subsystem. This reengineering no
t only helped us to have a really fault tolerant system but to improve the p
erformance by reducing the latency of the operations.\n\nIn this presentat
ion\, we will walk through the main features of the system\, how simple is
to integrate it with currently working systems\, and how the system might
help to improve the number of deployed DNSSEC systems when a secure low-c
ost cryptographic solution is needed.\n\nhttps://indico.dns-oarc.net/event
/22/contributions/342/
LOCATION:Intercontinental Buenos Aires Montserrat
URL:https://indico.dns-oarc.net/event/22/contributions/342/
END:VEVENT
END:VCALENDAR